Computer networking has been one of the most important advancements in modern computing. It allows disparate applications operating on separate computer systems to trade information, conduct business, and exchange financial transactions; even the routine act of sending an email is among the most common things we do with computers today. Even as computing devices become ever faster, the trend of connecting devices continues at an astounding rate. In addition, there is a thriving mobile device market, which further increases the amount of traffic flowing between systems over any number of networks. The need to connect computing devices or networks such that the devices can communicate safely is essential to today's marketplace.
One important aspect of this interconnected network of computer systems and devices is security. Without security, the convenience and speed of networked transactions would present more risk than the majority of applications could handle. In order to mitigate that risk and provide a much more secure communication channel, a firewall device is typically deployed in most networks. In general, a firewall device is a software- or hardware-based device that controls incoming and outgoing traffic to and from a network through an ordered set of rules, collectively referred to as a firewall policy. The primary purpose of a firewall is to act as the first line of defense that prevents malicious and unauthorized traffic from affecting a network, keeping out the traffic that an organization does not want while allowing approved access to flow into and out of the network.
While a static firewall policy may somewhat protect a network, a firewall policy with the ability to adapt to the ever-changing environment of a network, such as the Internet, allows the firewall to defend against the newest types of malicious attacks. However, as new attacks are discovered and new rules for addressing or handling those new attacks are added to a firewall's rule-base, management of a firewall policy quickly becomes overwhelming for network managers or engineers. Many firewall devices today include rule-sets with thousands of rules that continually grow as more and more threats to the network are identified. As such, the ability to accurately and confidently understand a firewall policy and know what changes have occurred is more difficult than ever and continues to increase in complexity with every passing day.
In addition to individual firewall policies consisting of a list of rules, attempting to model the entire firewall introduces an additional set of attributes found in the products of most modern firewall vendors. Multiple ingress and egress interfaces, traffic routing tables, multiple security policies, and network address translation (NAT) broaden the definition of a firewall such that modeling the behavior of a firewall becomes more than an ordered list of rules. Therefore, the ability to accurately and confidently understand the firewall device and know what changes have occurred is more difficult than ever, and continues to increase in complexity.
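The following is an added, simplified model of the firewall behavior described above, written for this background and not taken from the disclosure itself. It treats the policy as an ordered list of rules with first-match semantics, applies a destination NAT table before the policy lookup, resolves the egress interface with a longest-prefix routing table, and reports what changed between two revisions of a policy. All rule names, addresses (documentation ranges), interfaces and the two sample policy versions are constructed for illustration; the second version shows how inserting a single broad rule ahead of an existing deny changes the outcome without removing any rule.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Hypothetical, simplified firewall model (added example; not the disclosure's own model).
# Rules are evaluated in order; the first matching rule decides the action.

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"            # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches every destination port
    in_iface: str = "any"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    in_iface: str

def rule_matches(rule, pkt):
    if rule.in_iface != "any" and rule.in_iface != pkt.in_iface:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst))

@dataclass
class Firewall:
    rules: list
    dnat: dict = field(default_factory=dict)    # public dst -> internal dst, applied before lookup
    routes: dict = field(default_factory=dict)  # network -> egress interface
    default_action: str = "deny"

    def apply_dnat(self, pkt):
        new_dst = self.dnat.get(pkt.dst)
        if new_dst is None:
            return pkt
        return Packet(pkt.src, new_dst, pkt.proto, pkt.dport, pkt.in_iface)

    def egress_interface(self, dst):
        # Longest-prefix match over the routing table.
        addr, best = ip_address(dst), None
        for net, iface in self.routes.items():
            n = ip_network(net)
            if addr in n and (best is None or n.prefixlen > best[0].prefixlen):
                best = (n, iface)
        return best[1] if best else None

    def evaluate(self, pkt):
        """Return (action, deciding rule name, egress interface) for a packet."""
        pkt = self.apply_dnat(pkt)
        for rule in self.rules:
            if rule_matches(rule, pkt):
                return rule.action, rule.name, self.egress_interface(pkt.dst)
        return self.default_action, "default", self.egress_interface(pkt.dst)

def policy_diff(old, new):
    """Report rules added, removed, changed and reordered between two policy versions."""
    old_by_name = {r.name: r for r in old}
    new_by_name = {r.name: r for r in new}
    added = [n for n in new_by_name if n not in old_by_name]
    removed = [n for n in old_by_name if n not in new_by_name]
    changed = [n for n in new_by_name if n in old_by_name and new_by_name[n] != old_by_name[n]]
    common_old = [r.name for r in old if r.name in new_by_name]
    common_new = [r.name for r in new if r.name in old_by_name]
    return {"added": added, "removed": removed, "changed": changed,
            "reordered": common_old != common_new}

# Constructed sample policy: a web server published via NAT, SSH from the WAN blocked.
POLICY_V1 = [
    Rule("block-ssh-from-internet", "deny", dst="10.0.0.0/8", proto="tcp", dport=22, in_iface="wan"),
    Rule("allow-web", "allow", dst="10.0.0.10/32", proto="tcp", dport=80, in_iface="wan"),
    Rule("allow-lan-out", "allow", src="10.0.0.0/8", in_iface="lan"),
]
FW_V1 = Firewall(rules=POLICY_V1,
                 dnat={"203.0.113.5": "10.0.0.10"},
                 routes={"10.0.0.0/8": "lan", "0.0.0.0/0": "wan"})

# A later revision inserts a broad allow ahead of the SSH deny: no rule removed, but the deny is shadowed.
POLICY_V2 = [POLICY_V1[1],
             Rule("allow-all-tcp", "allow", proto="tcp", in_iface="wan"),
             POLICY_V1[0], POLICY_V1[2]]
FW_V2 = Firewall(rules=POLICY_V2, dnat=FW_V1.dnat, routes=FW_V1.routes)

if __name__ == "__main__":
    web = Packet("198.51.100.7", "203.0.113.5", "tcp", 80, "wan")
    ssh = Packet("198.51.100.7", "203.0.113.5", "tcp", 22, "wan")
    print(FW_V1.evaluate(web), FW_V1.evaluate(ssh))   # allow-web / block-ssh-from-internet
    print(FW_V2.evaluate(ssh))                        # allow-all-tcp now decides
    print(policy_diff(POLICY_V1, POLICY_V2))
```

Running the block shows why an ordered list of rules alone is not enough to understand the device: the same SSH packet is denied under the first policy and allowed under the second even though no rule was deleted, and the outcome also depends on the NAT table (the packet's public destination is rewritten before any rule is consulted) and on the routing table that selects the egress interface. The diff function makes the reordering visible as a distinct kind of change alongside additions and removals.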
It is with these and other issues in mind that various aspects of the present disclosure were developed.